Skip to main content
jefazo92
jefazo92
Explorer II
June 24, 2024
Question

Why is the same IP address assigned for VLAN Switch interfaces in FG-100F?

  • June 24, 2024
  • 1 reply
  • 2391 views

Hi,

 

I have an FG-100 with factory settings. When I go to Network -> Interfaces, I notice that there is only one IP assigned for all 20 VLAN Switch interfaces. Why is this so? The FG-100F is a layer 3 switch so every interface should have a different IP and MAC address (even a layer 2 switch should have every interface with a different MAC address). Please, would someone mind helping me understand what is going on here? 

1 reply

ebilcari
Staff
ebilcari
Staff
June 24, 2024

The interfaces are part of the hardware switch, that works as a L2 device attached to the FGT for easy deployment in small branches. The interfaces can be easily removed from the HW SW and used independently as routed ports like shown here.

    jefazo92
    jefazo92Author
    Explorer II
    June 26, 2024

    Thank you very much for your reply. When I remove the interface from the list in VLAN Switch group, the interface goes to the Physical Interface group. However, how may I assign my interface as a routed port? What are the next steps to follow? Do I only have to add a static IP to make it routable or do I need a new group for the interface?

     

    P. S. In the context of your reply, are the interfaces in the VLAN group considered to be the interfaces for L2? I ask this because VLAN is a functionality of a L2 switch which I may not want to use. I will probably want to use L2 interfaces to do "normal" L2 switching. 

    ebilcari
    Staff
    ebilcari
    Staff
    June 26, 2024

    Yes, assigning an IP to the interface will make it work as a routed interface, no extra steps required. Remember that FGT is a firewall and you need to add firewall policies (usually for each interface) to allow traffic.

     

    FGT supports both the sub interface and L2 VLAN (HW/SW switch) approach. As per other vendors, sub interface (tagged traffic) VLAN, is locally significant to that (routed) interface and is not spanned. HW/SW switch share the same L2 broadcast domain.

      Terms & ConditionsCookie settingsAccessibility statement